AWS Migration Hub
AWS Discovery Services
AWS Server Migration Services
The course is part of these learning paths
In this course we will learn to recognize and explain the migration services available from AWS and AWS partners, and how to run a migration using the AWS Server Migration Service.
This course is suited to anyone running or involved in a cloud migration project. As a pre-requisite, I recommend completing our “Getting Started with Cloud Migration” course first so you have some understanding of migration projects and the benefits of the migration services to a cloud migration project.
In this course, we will learn to apply and use the migration services available from AWS.
First, we will explore the AWS Migration Hub service - which provides a simple way to discover, track and manage the migration of servers and applications.
Then we will learn to use and apply the AWS Application Discovery Service - which provides a way to discover and audit applications and servers running in both hardware and virtualized environments.
Following that we will apply and use the AWS Server Migration Service within the migration hub to manage migrating virtual machines from an on-premise or datacenter environment to the AWS public cloud.
I recommend completing our Getting Started with Migrating to the Cloud course prior to this course so you understand the basic concepts and benefits of cloud migrations. If you are new to Cloud Computing, I'd recommend completing our What is Cloud Computing? course first so you have an understanding of cloud computing concepts.
This course is a blend of instructional learning and demonstration. In this course we cover the following topics:
- The AWS Migration Hub - which provides a simple way to manage migration of severs and applications.
- The AWS Discovery Services -we explore the AWS Discovery Connector and the Discovery Agent which enable us to audit and quantify a migration project.
- The AWS Server Migration Service - which provides a way to manage migrating vmware and HyperV virtual machines to the AWS Cloud.
If you have thoughts or suggestions for this course, please contact Cloud Academy at firstname.lastname@example.org.
- [Instructor] Okay, let's talk about authentication and roles. So the Migration Hub console provides an integrated environment for users and APIs to create Migration Hub resources and to manage migrations, okay? So the console provides many features and workflows that require specific permissions in order for them to access those resources. So the best way to implement these permissions is through managed policies. You need to set up the correct roles and permissions to run the service.
Next, you need to define a trust policy that authorizes the migration tool and this example shows a permissions policy to use for the AWS Migration Hub console and API so we want to be able to associate create artifact, notify application state, and list discovered resources. And in this example, the AWS migration service is to assume that role so we're gonna allow dms.amazonaws.com and the action is AssumeRole. So this policy is implemented in two parts, the permission policy and the trust policy.
The permission policy grants permissions to the Migration Hub actions which is the AssociateCreateArtifact, NotifyApplicationState, and ListDiscoveredResources on any resources identified by the Amazon Resource Name or the ARN for the AWS Database Migration Service or tool. So the word count character specified at the end of the resource name means that the migration tool can act on any migration task the tool creates under the particular ProgressUpdateStreamName. So the trust policy authorizes the Database Migration Service migration tool to assume the role's permission policy and the Migration Hub policy always require a trust policy to be associated with them. So the permissions required to use the Migration Hub Console and API look a bit like this.
So the first is AWSMigrationHubDiscoveryAccess which grants permission to allow the Migration Hub service to call Application Discovery Service. AWSMigrationHubFullAccess grants access to the Migration Hub console and the API/CLI for a user who's not an administrator. Now the AWSMigrationHubSMSAccess grants permissions for Migration Hub to receive notifications from the Server Migration Service migration tool so you need that one if you're using the Server Migration Service. The AWSMigrationHubDMSAccess grants permission for Migration Hub to receive notifications from the AWS Database Migration Service migration tool.
So let's talk about the trust policies required. A trust policy simply authorizes the principal to assume or use the role's permission policy and a principal can use the AWS account or the root user, an IAM user or a role. So in the Migration Hub, the trust policy must be manually added to the permission policy. So each IAM role you use for Migration Hub requires two separate policies that must be created for it, first a permissions policy which defines what actions and resources the principal is allowed to use and second a trust policy which specifies who is allowed to assume that role, the trust entity or the principal, whatever the case may be, okay? So a permissions policy and a trust policy, you need to create those first before you start using the Migration Hub.
About the Author
Head of Content
Andrew is an AWS certified professional who is passionate about helping others learn how to use and gain benefit from AWS technologies. Andrew has worked for AWS and for AWS technology partners Ooyala and Adobe. His favorite Amazon leadership principle is "Customer Obsession" as everything AWS starts with the customer. Passions around work are cycling and surfing, and having a laugh about the lessons learnt trying to launch two daughters and a few start ups.